zlob trojan-zadost o pomoc

[sarinka2002]

prosim pomozte mi odstranit zlob trojan. zkousel jsem spybot i terminatora. hunter ho nasel ale odstrani jej jenom za penize. co musim fixnout? predem moc diky za pomoc


Logfile of HijackThis v1.99.1
Scan saved at 23:57:38, on 3.12.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
E:\hijack this !!!\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... tbid=60403
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.comodo.com/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = CO TAK ČUMÍŠ ?????????
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - E:\skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\MSDXM.OCX
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Labtec\Keyboard\V5.1\kbdap32a.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [SCDEmuApp.exe] C:\Program Files\PowerISO\SCDEmuApp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nhd.exe] "C:\Documents and Settings\Administrator\Data aplikací\nhd.exe"
O4 - HKLM\..\Run: [qxtb.exe] "C:\Documents and Settings\Administrator\Data aplikací\qxtb.exe"
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "E:\skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Uninstall_CToolbar] "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\CUninst.exe" "/remove"
O4 - HKCU\..\RunOnce: [eApNa04300] C:\Documents and Settings\All Users\Data aplikací\eApNa04300\eApNa04300.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://212.80.66.25/activex/AxisCamControl.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/Juni ... Client.cab
O16 - DPF: {FD7C00A9-E676-11D6-A08E-00E09878F0CF} (Nsload Control) - https://vconnect.visteon.com/vpns/scripts/nsload.ocx
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - E:\skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O23 - Service: Služba inteligentního přenosu na pozadí (BITS) - Unknown owner - %fystemRoot%\system32\svchost.exe (file missing)
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Automatické aktualizace (wuauserv) - Unknown owner - %fystemroot%\system32\svchost.exe (file missing)

[vyosek]

Zdravim a pekny den preji

Tak toho je

Odinstalujte Trojan Remover - je Vam na prd, kdyz odtranuje jen za penize, navic neni moc kvalitni

Odinstalujte Spybot - Search & Destroy - ma uz davno nejlepsi leta za sebou

Odinstalujte SpyHunter - neni kvalitnim produktem

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
• Vložte do PC vsechny USB klice (flash disky, ext.disky apod.)
• Pokud mate Win XP spustte pod uctem Spravce\Administratora
• Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
• Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
• Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
• Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
• Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
• Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
• Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

[sarinka2002]

log zde


ComboFix 10-12-03.01 - Administrator 04.12.2010 18:02:10.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.479.156 [GMT 1:00]
Spuštěný z: E:\ComboFix.exe
FW: Outpost Firewall Pro *disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Best Spyware Scanner
c:\program files\Best Spyware Scanner\BestSpywareScanner.exe
c:\program files\Best Spyware Scanner\md5.dll
c:\program files\Best Spyware Scanner\mtools.dll
c:\program files\Best Spyware Scanner\networkdll.dll
c:\program files\Best Spyware Scanner\opfile.dll
c:\program files\Best Spyware Scanner\QAreaDLL.dll
c:\program files\Best Spyware Scanner\RkHitApi.dll
c:\program files\Best Spyware Scanner\sctdll.dll
c:\program files\Best Spyware Scanner\spkdll.dll
c:\program files\Best Spyware Scanner\udefend.dll
c:\program files\Best Spyware Scanner\ussafe.dll
c:\program files\Best Spyware Scanner\zlib1.dll
C:\readme.txt
C:\setup.exe
c:\windows\ST6UNST.000
c:\windows\system32\404Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\kernel1.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
c:\windows\Tasks\fbagent.job
c:\windows\TEMP\10.tmp
c:\windows\TEMP\F.tmp
c:\windows\VM305Cap.exe

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_RKHIT
-------\Service_RkHit


((((((((((((((((((((((((( Soubory vytvořené od 2010-11-04 do 2010-12-04 )))))))))))))))))))))))))))))))
.

2010-12-04 16:35 . 2010-12-04 16:35 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Malwarebytes
2010-12-04 16:34 . 2010-11-29 16:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-04 16:34 . 2010-12-04 16:34 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2010-12-04 16:34 . 2010-11-29 16:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-04 16:34 . 2010-12-04 16:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-04 13:59 . 2010-12-04 13:59 -------- d-----w- c:\documents and settings\Administrator\DoctorWeb
2010-12-04 07:53 . 2010-12-04 07:53 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SUPERAntiSpyware.com
2010-12-04 07:53 . 2010-12-04 07:53 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\SUPERAntiSpyware.com
2010-12-04 07:53 . 2010-12-04 07:53 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-12-03 22:41 . 2010-12-03 22:42 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVG10
2010-12-03 22:30 . 2010-12-03 22:40 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MFAData
2010-12-03 22:12 . 2010-12-03 22:12 -------- d-----w- c:\program files\Enigma Software Group
2010-12-03 22:11 . 2010-12-04 07:47 -------- d-----w- c:\windows\3636C9237AD64DE3978A09609AEE8ECF.TMP
2010-12-03 22:11 . 2010-12-03 22:11 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-12-03 21:56 . 2010-12-03 21:56 962560 ----a-w- c:\windows\isRS-000.tmp
2010-12-03 20:53 . 2010-12-03 22:47 -------- d-----w- c:\program files\Crawler
2010-12-03 20:11 . 2010-12-03 20:11 138240 ----a-w- c:\documents and settings\Administrator\Data aplikací\KabB7wf4.exe
2010-12-03 20:10 . 2010-12-03 20:10 65536 ----a-w- c:\documents and settings\Administrator\Data aplikací\qxtb.exe
2010-12-03 20:09 . 2010-12-03 20:09 456192 ----a-w- c:\documents and settings\Administrator\Data aplikací\gOXGL2XGi.exe
2010-12-03 20:09 . 2010-12-03 20:09 65536 ----a-w- c:\documents and settings\Administrator\Data aplikací\nhd.exe
2010-12-03 20:09 . 2010-12-04 08:35 -------- d-----w- c:\documents and settings\All Users\Data aplikací\eApNa04300
2010-12-03 20:09 . 2010-12-03 20:09 174592 ----a-w- c:\documents and settings\Administrator\Data aplikací\exfnm.exe
2010-11-28 22:20 . 2010-11-28 22:20 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\BitComet

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-10 14:58 . 2010-09-10 14:58 1409 ----a-w- c:\windows\QTFont.for
2007-06-16 11:02 . 2007-06-16 11:01 1944449 -c--a-w- c:\program files\pajssetup.exe
2007-01-07 12:57 . 2007-01-07 12:56 6064640 -c--a-w- c:\program files\icq5_1_setup.exe
2006-12-14 20:56 . 2006-12-14 20:55 711881 -c--a-w- c:\program files\PowerISO26.exe
2006-12-14 18:42 . 2006-12-14 18:42 693840 -c--a-w- c:\program files\wmv9VCMsetup.exe
2006-12-01 20:56 . 2006-12-01 20:56 11937728 -c--a-w- c:\program files\Avastsetupcze.exe
2006-12-01 15:27 . 2006-08-14 20:24 5037072 -c--a-w- c:\program files\spybotsd14.exe
2006-12-01 15:03 . 2006-11-30 16:15 10050902 -c--a-w- c:\program files\Codecs6030_allin1.exe
2006-12-01 14:54 . 2006-12-01 14:54 315624 -c--a-w- c:\program files\dxwebsetup.exe
2006-11-27 15:30 . 2006-11-27 15:28 12841064 -c--a-w- c:\program files\SkypeSetup.exe
2009-08-28 21:42 . 2009-08-28 21:42 1044480 -c--a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-08-28 21:42 . 2009-08-28 21:42 200704 -c--a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="e:\skype\Phone\Skype.exe" [2010-04-06 26102056]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-11-22 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OFFICEKB"="c:\program files\Labtec\Keyboard\V5.1\kbdap32a.exe" [2006-03-24 387584]
"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-22 94208]
"BigDog305"="c:\windows\VM305_STI.EXE" [2005-08-05 61440]
"VTTimer"="VTTimer.exe" [2005-03-08 53248]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-10-30 256576]
"WinFast Schedule"="c:\program files\WinFast\WFTVFM\WFWIZ.exe" [2006-01-26 327680]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"USB Storage Toolbox"="c:\program files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 65536]
"SCDEmuApp.exe"="c:\program files\PowerISO\SCDEmuApp.exe" [2005-10-16 167936]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-03-20 149280]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-30 202256]
"nhd.exe"="c:\documents and settings\Administrator\Data aplikací\nhd.exe" [2010-12-03 65536]
"qxtb.exe"="c:\documents and settings\Administrator\Data aplikací\qxtb.exe" [2010-12-03 65536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 -c--a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
2005-03-08 01:33 53248 ----a-w- c:\windows\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TUWinStylerThemeSvc"=3 (0x3)
"ose"=3 (0x3)
"MDM"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
"e:\\skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"e:\\skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23861:TCP"= 23861:TCP:BitComet 23861 TCP
"23861:UDP"= 23861:UDP:BitComet 23861 UDP
"14340:TCP"= 14340:TCP:BitComet 14340 TCP
"14340:UDP"= 14340:UDP:BitComet 14340 UDP

R0 PLFF;USB Flash Disk Driver;c:\windows\system32\drivers\plff.sys [9.6.2006 14:36 7424]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14.12.2006 23:28 639224]
R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [20.12.2006 8:50 58464]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17.2.2010 19:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10.5.2010 19:41 67656]
R2 Vcs;Vcs support;c:\windows\system32\drivers\Vcs.sys [28.3.2006 21:19 6852]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [29.9.2009 7:11 12160]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [29.9.2009 7:11 10496]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [29.9.2009 7:11 12928]
R3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.sys [6.7.2007 15:37 9510]
R3 ZSMC0305;A4 TECH PC Camera V;c:\windows\system32\drivers\usbVM305.sys [31.12.2006 20:28 391743]
S1 d5f235d7;d5f235d7;c:\windows\system32\drivers\d5f235d7.sys [7.6.2009 22:37 0]
S2 BT848;WinFast TV2000 XP WDM Video Capture;c:\windows\system32\drivers\wf2kvcap.sys [23.4.2006 10:28 76373]
S2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;c:\windows\system32\drivers\wf2ktunr.sys [23.4.2006 10:28 32631]
S2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;c:\windows\system32\drivers\wf2kXbar.sys [23.4.2006 10:28 10005]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [13.12.2006 10:00 19072]
.
Obsah adresáře 'Naplánované úlohy'

2010-03-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 11:42]

2010-12-04 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1177238915-1214440339-725345543-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

2010-12-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1177238915-1214440339-725345543-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride =
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
DPF: {FD7C00A9-E676-11D6-A08E-00E09878F0CF} - hxxps://vconnect.visteon.com/vpns/scripts/nsload.ocx
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\4s7n22bu.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.6&q=
FF - component: c:\documents and settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Acrobat 7.0\Reader\browser\nppdf32.dll
FF - plugin: c:\program files\DivX for LG 900 Arena\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: c:\program files\DivX for LG 900 Arena\DivX Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Extension: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\4s7n22bu.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-Cmaudio - cmicnfg.cpl
MSConfigStartUp-CloneCDTray - c:\program files\SlySoft\CloneCD\CloneCDTray.exe
MSConfigStartUp-Cmaudio - cmicnfg.cpl



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-04 18:16
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog305 = c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)???????????????????0?????????@??????????????

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(728)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'lsass.exe'(784)
c:\windows\system32\EntApi.dll

- - - - - - - > 'explorer.exe'(1900)
c:\windows\system32\EntApi.dll
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\Network Associates\VirusScan\mcshield.exe
c:\program files\Network Associates\VirusScan\vstskmgr.exe
c:\windows\system32\IoctlSvc.exe
c:\progra~1\NETWOR~1\COMMON~1\naPrdMgr.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wdfmgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Celkový čas: 2010-12-04 18:25:54 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-12-04 17:25

Před spuštěním: Volných bajtů: 16 746 250 240
Po spuštění: Volných bajtů: 16 764 387 328

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional (bootscreen)" /noexecute=optin /fastdetect /KERNEL=kernel1.exe
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - F834E8CFD080AA9D8BF8700C27D45009

[vyosek]

Nasledujici soubory otestujte na VirusTotalu (viz muj podpis)

• c:\windows\system32\drivers\plff.sys
  c:\windows\system32\drivers\Vcs.sys
• Kliknete na Prochazet
• Soubor nehledejte, jen vlozte cestu souboru, ktery chci otestovat
• Pokud napise Soubor byl jiz testovan, dejte otestovat znovu
• Kliknete na Otestovat soubor
• Vysledek analyzy sem vlozte (jako odkaz)

[sarinka2002]

prvni odkaz

http://www.virustotal.com/file-scan/rep ... 1291484513

[sarinka2002]

druhy....


http://www.virustotal.com/file-scan/rep ... 1291484692

[vyosek]

Pokud nemate, tak presunte Combofix na plochu

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  File::
  c:\windows\3636C9237AD64DE3978A09609AEE8ECF.TMP
  c:\windows\isRS-000.tmp
  c:\windows\Tasks\AppleSoftwareUpdate.job
  c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1177238915-1214440339-725345543-500.job
  c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1177238915-1214440339-725345543-500.job
  c:\documents and settings\Administrator\Data aplikací\KabB7wf4.exe
  c:\documents and settings\Administrator\Data aplikací\qxtb.exe
  c:\documents and settings\Administrator\Data aplikací\gOXGL2XGi.exe
  c:\documents and settings\Administrator\Data aplikací\nhd.exe
  c:\documents and settings\All Users\Data aplikací\eApNa04300
  c:\documents and settings\Administrator\Data aplikací\exfnm.exe
  
  Folder::
  c:\Program Files\ICQ6Toolbar
  
  Driver::
  ICQ Service
  
  Registry::
  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "Skype"=-
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "QuickTime Task"=-
  SunJavaUpdateSched"=-
  "TkBellExe"=-
  "nhd.exe"=-
  "qxtb.exe"=-
  [-HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
  
  DDS::
  Trusted Zone: internet
  Trusted Zone: mcafee.com
  
  Firefox::
  FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\4s7n22bu.default\
  FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.1.6&q=

• Ulozte vytvoreny TXT jako CFScript.txt
• Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
  
• Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

[sarinka2002]

zde....



ComboFix 10-12-03.01 - Administrator 04.12.2010 20:11:11.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.479.104 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt
FW: Outpost Firewall Pro *disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
* Rezidentní štít AV je zapnutý


FILE ::
"c:\documents and settings\Administrator\Data aplikací\exfnm.exe"
"c:\documents and settings\Administrator\Data aplikací\gOXGL2XGi.exe"
"c:\documents and settings\Administrator\Data aplikací\KabB7wf4.exe"
"c:\documents and settings\Administrator\Data aplikací\nhd.exe"
"c:\documents and settings\Administrator\Data aplikací\qxtb.exe"
"c:\documents and settings\All Users\Data aplikací\eApNa04300"
"c:\windows\3636C9237AD64DE3978A09609AEE8ECF.TMP"
"c:\windows\isRS-000.tmp"
"c:\windows\Tasks\AppleSoftwareUpdate.job"
"c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1177238915-1214440339-725345543-500.job"
"c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1177238915-1214440339-725345543-500.job"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\ICQ6Toolbar
c:\program files\ICQ6Toolbar\config.xml
c:\program files\ICQ6Toolbar\Icons.bmp
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\ICQ6Toolbar\icq6Toolbar.ico
c:\program files\ICQ6Toolbar\ICQToolBar.dll
c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
c:\program files\ICQ6Toolbar\logo_small.gif
c:\program files\ICQ6Toolbar\ServiceStarter.exe
c:\program files\ICQ6Toolbar\short.wav
c:\program files\ICQ6Toolbar\Version.txt
c:\windows\isRS-000.tmp
c:\windows\Tasks\AppleSoftwareUpdate.job
c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1177238915-1214440339-725345543-500.job
c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1177238915-1214440339-725345543-500.job
c:\windows\TEMP\6.tmp
c:\windows\TEMP\7.tmp

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-11-04 do 2010-12-04 )))))))))))))))))))))))))))))))
.

2010-12-04 17:38 . 2010-12-04 17:38 -------- d-----w- c:\program files\VirusTotalUploader2
2010-12-04 16:35 . 2010-12-04 16:35 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Malwarebytes
2010-12-04 16:34 . 2010-11-29 16:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-04 16:34 . 2010-12-04 16:34 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2010-12-04 16:34 . 2010-11-29 16:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-04 16:34 . 2010-12-04 16:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-04 13:59 . 2010-12-04 13:59 -------- d-----w- c:\documents and settings\Administrator\DoctorWeb
2010-12-04 07:53 . 2010-12-04 07:53 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SUPERAntiSpyware.com
2010-12-04 07:53 . 2010-12-04 07:53 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\SUPERAntiSpyware.com
2010-12-04 07:53 . 2010-12-04 07:53 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-12-03 22:41 . 2010-12-03 22:42 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVG10
2010-12-03 22:30 . 2010-12-03 22:40 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MFAData
2010-12-03 22:12 . 2010-12-03 22:12 -------- d-----w- c:\program files\Enigma Software Group
2010-12-03 22:11 . 2010-12-04 07:47 -------- d-----w- c:\windows\3636C9237AD64DE3978A09609AEE8ECF.TMP
2010-12-03 22:11 . 2010-12-03 22:11 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-12-03 20:53 . 2010-12-03 22:47 -------- d-----w- c:\program files\Crawler
2010-12-03 20:11 . 2010-12-03 20:11 138240 ----a-w- c:\documents and settings\Administrator\Data aplikací\KabB7wf4.exe
2010-12-03 20:10 . 2010-12-03 20:10 65536 ----a-w- c:\documents and settings\Administrator\Data aplikací\qxtb.exe
2010-12-03 20:09 . 2010-12-03 20:09 456192 ----a-w- c:\documents and settings\Administrator\Data aplikací\gOXGL2XGi.exe
2010-12-03 20:09 . 2010-12-03 20:09 65536 ----a-w- c:\documents and settings\Administrator\Data aplikací\nhd.exe
2010-12-03 20:09 . 2010-12-04 08:35 -------- d-----w- c:\documents and settings\All Users\Data aplikací\eApNa04300
2010-12-03 20:09 . 2010-12-03 20:09 174592 ----a-w- c:\documents and settings\Administrator\Data aplikací\exfnm.exe
2010-11-28 22:20 . 2010-11-28 22:20 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\BitComet

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-10 14:58 . 2010-09-10 14:58 1409 ----a-w- c:\windows\QTFont.for
2007-06-16 11:02 . 2007-06-16 11:01 1944449 -c--a-w- c:\program files\pajssetup.exe
2007-01-07 12:57 . 2007-01-07 12:56 6064640 -c--a-w- c:\program files\icq5_1_setup.exe
2006-12-14 20:56 . 2006-12-14 20:55 711881 -c--a-w- c:\program files\PowerISO26.exe
2006-12-14 18:42 . 2006-12-14 18:42 693840 -c--a-w- c:\program files\wmv9VCMsetup.exe
2006-12-01 20:56 . 2006-12-01 20:56 11937728 -c--a-w- c:\program files\Avastsetupcze.exe
2006-12-01 15:27 . 2006-08-14 20:24 5037072 -c--a-w- c:\program files\spybotsd14.exe
2006-12-01 15:03 . 2006-11-30 16:15 10050902 -c--a-w- c:\program files\Codecs6030_allin1.exe
2006-12-01 14:54 . 2006-12-01 14:54 315624 -c--a-w- c:\program files\dxwebsetup.exe
2006-11-27 15:30 . 2006-11-27 15:28 12841064 -c--a-w- c:\program files\SkypeSetup.exe
2009-08-28 21:42 . 2009-08-28 21:42 1044480 -c--a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-08-28 21:42 . 2009-08-28 21:42 200704 -c--a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-11-22 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OFFICEKB"="c:\program files\Labtec\Keyboard\V5.1\kbdap32a.exe" [2006-03-24 387584]
"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-22 94208]
"BigDog305"="c:\windows\VM305_STI.EXE" [2005-08-05 61440]
"VTTimer"="VTTimer.exe" [2005-03-08 53248]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-10-30 256576]
"WinFast Schedule"="c:\program files\WinFast\WFTVFM\WFWIZ.exe" [2006-01-26 327680]
"USB Storage Toolbox"="c:\program files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 65536]
"SCDEmuApp.exe"="c:\program files\PowerISO\SCDEmuApp.exe" [2005-10-16 167936]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-03-20 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
2005-03-08 01:33 53248 ----a-w- c:\windows\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TUWinStylerThemeSvc"=3 (0x3)
"ose"=3 (0x3)
"MDM"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
"e:\\skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"e:\\skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23861:TCP"= 23861:TCP:BitComet 23861 TCP
"23861:UDP"= 23861:UDP:BitComet 23861 UDP
"14340:TCP"= 14340:TCP:BitComet 14340 TCP
"14340:UDP"= 14340:UDP:BitComet 14340 UDP

R0 PLFF;USB Flash Disk Driver;c:\windows\system32\drivers\plff.sys [9.6.2006 14:36 7424]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14.12.2006 23:28 639224]
R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [20.12.2006 8:50 58464]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17.2.2010 19:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10.5.2010 19:41 67656]
R2 Vcs;Vcs support;c:\windows\system32\drivers\Vcs.sys [28.3.2006 21:19 6852]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [29.9.2009 7:11 12160]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [29.9.2009 7:11 10496]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [29.9.2009 7:11 12928]
R3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.sys [6.7.2007 15:37 9510]
R3 ZSMC0305;A4 TECH PC Camera V;c:\windows\system32\drivers\usbVM305.sys [31.12.2006 20:28 391743]
S1 d5f235d7;d5f235d7;c:\windows\system32\drivers\d5f235d7.sys [7.6.2009 22:37 0]
S2 BT848;WinFast TV2000 XP WDM Video Capture;c:\windows\system32\drivers\wf2kvcap.sys [23.4.2006 10:28 76373]
S2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;c:\windows\system32\drivers\wf2ktunr.sys [23.4.2006 10:28 32631]
S2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;c:\windows\system32\drivers\wf2kXbar.sys [23.4.2006 10:28 10005]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [13.12.2006 10:00 19072]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - ENTDRV51
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride =
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
DPF: {FD7C00A9-E676-11D6-A08E-00E09878F0CF} - hxxps://vconnect.visteon.com/vpns/scripts/nsload.ocx
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\4s7n22bu.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - component: c:\documents and settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Acrobat 7.0\Reader\browser\nppdf32.dll
FF - plugin: c:\program files\DivX for LG 900 Arena\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: c:\program files\DivX for LG 900 Arena\DivX Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Extension: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\4s7n22bu.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-04 20:22
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog305 = c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)???????????????????0?????????@??????????????

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(728)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'lsass.exe'(784)
c:\windows\system32\EntApi.dll

- - - - - - - > 'explorer.exe'(4000)
c:\windows\system32\EntApi.dll
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\Network Associates\VirusScan\mcshield.exe
c:\program files\Network Associates\VirusScan\vstskmgr.exe
c:\progra~1\NETWOR~1\COMMON~1\naPrdMgr.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wdfmgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Celkový čas: 2010-12-04 20:29:21 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-12-04 19:29
ComboFix2.txt 2010-12-04 17:25

Před spuštěním: Volných bajtů: 16 809 537 536
Po spuštění: Volných bajtů: 16 824 692 736

- - End Of File - - 608755BBE2977C26E5C3DAE2F3F38EFD

[vyosek]

Stahnete OTM (viz muj podpis)

• Pokud pouzivate Win Vista ci W7, kliknete na OTM pravym a dejte Run As Administrator ci Spustit jako spravce
• Do leveho okna Paste Instructions for Items to be Moved (pod zlutou caru) vlozte obsah, ktery mate nize

• Kód: Vybrat vše

  :reg
  [HKEY_LOCAL_MACHINE\software\microsoft\security center]
  "AntiVirusOverride"=dword:00000000
  
  :files
  c:\documents and settings\Administrator\Data aplikací\KabB7wf4.exe
  c:\documents and settings\Administrator\Data aplikací\qxtb.exe
  c:\documents and settings\Administrator\Data aplikací\gOXGL2XGi.exe
  c:\documents and settings\Administrator\Data aplikací\nhd.exe
  c:\documents and settings\All Users\Data aplikací\eApNa04300
  c:\documents and settings\Administrator\Data aplikací\exfnm.exe
  %windir%\system32\*.tmp.dll /s
  %windir%\system32\SET*.tmp /s
  %windir%\*.tmp /s
  
  :commands
  [RESETHOSTS]
  [EMPTYTEMP]
  [EMPTYFLASH]

• Kliknete na cervene tlacitko MoveIt!
• Sem pote dejte obsah okna Results (pod zelenou carou)
• Pokud budete vyzvani na restart, dejte Yes, log pote najdete C:\_OTM\MovedFiles

[sarinka2002]

tady

All processes killed
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\software\microsoft\security center\\"AntiVirusOverride"|dword:00000000 /E : value set successfully!
========== FILES ==========
c:\documents and settings\Administrator\Data aplikací\KabB7wf4.exe moved successfully.
c:\documents and settings\Administrator\Data aplikací\qxtb.exe moved successfully.
c:\documents and settings\Administrator\Data aplikací\gOXGL2XGi.exe moved successfully.
c:\documents and settings\Administrator\Data aplikací\nhd.exe moved successfully.
c:\documents and settings\All Users\Data aplikací\eApNa04300 folder moved successfully.
c:\documents and settings\Administrator\Data aplikací\exfnm.exe moved successfully.
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\3636C9237AD64DE3978A09609AEE8ECF.TMP folder moved successfully.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SET4.tmp moved successfully.
C:\WINDOWS\SET8.tmp moved successfully.
C:\WINDOWS\system.tmp moved successfully.
C:\WINDOWS\win.tmp moved successfully.
C:\WINDOWS\~GLC0000.TMP moved successfully.
C:\WINDOWS\~GLH0000.TMP moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP14.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9B.tmp folder moved successfully.
C:\WINDOWS\CSC\csc1.tmp moved successfully.
C:\WINDOWS\Installer\MSI11.tmp moved successfully.
C:\WINDOWS\Installer\MSI17.tmp moved successfully.
C:\WINDOWS\Installer\MSI19.tmp moved successfully.
C:\WINDOWS\Installer\MSI20.tmp moved successfully.
C:\WINDOWS\system32\CONFIG.TMP moved successfully.
File move failed. C:\WINDOWS\Temp\WFV1.tmp scheduled to be moved on reboot.
C:\WINDOWS\twain_32\hpqgends.tmp moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 153570847 bytes
->Flash cache emptied: 1889576 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: radim
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 52387840 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 198,00 mb


OTM by OldTimer - Version 3.1.17.2 log created on 12042010_205154

Files moved on Reboot...
File C:\WINDOWS\Temp\WFV1.tmp not found!

Registry entries deleted on Reboot...

[vyosek]

Tak to bychom se zbavili haveti a jeste doopravime veci, ktere nam poskodila...

Dalsi skript pro OTM - postup stejny - log pak sem

Kód: Vybrat vše

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS]
"ImagePath"=hex(2):"%systemroot%\system32\svchost.exe -k netsvcs"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wuauserv]
"ImagePath"=hex(2):"%systemroot%\system32\svchost.exe -k netsvcs"

Services::
ICQ Service

[sarinka2002]

udelano dle postupu, okopirovani + movelt, ale pomerne dlouho presypaci hodiny. nic se nedeje.

[vyosek]

Zkuste aplikovat v nouzovem rezimu - restart PC, mackat F8, zvolit Stav nouze s praci v siti. Pokud nepujde, tak to opravime jinak...

[sarinka2002]

aplikovano v nouzovem rezimu a take nic. presypaci hodiny a zadny naznak nejakeho pohybu

[vyosek]

Otevrete si poznamkovy blok

• Start->spustit->notepad
• Vlozte text nize

• Kód: Vybrat vše

  Windows Registry Editor Version 5.00
  
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wuauserv]
  "ImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6D,00,\
    72,00,6F,00,6F,00,74,00,25,00,5C,00,73,00,79,00,73,00,74,00,65,00,6D,00,\
    33,00,32,00,5C,00,73,00,76,00,63,00,68,00,6F,00,73,00,74,00,2E,00,65,00,\
    78,00,65,00,20,00,2D,00,6B,00,20,00,6E,00,65,00,74,00,73,00,76,00,63,00,\
    73,00,00,00
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS]
  "ImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6D,00,\
    72,00,6F,00,6F,00,74,00,25,00,5C,00,73,00,79,00,73,00,74,00,65,00,6D,00,\
    33,00,32,00,5C,00,73,00,76,00,63,00,68,00,6F,00,73,00,74,00,2E,00,65,00,\
    78,00,65,00,20,00,2D,00,6B,00,20,00,6E,00,65,00,74,00,73,00,76,00,63,00,\
    73,00,00,00

• Soubor ulozte jako oprava.reg
• Pri ukladani dejte ulozit jako typ Vsechny soubory (nastevni je uvedeno na obrazku nize)
• 
• Zavrit notepad a spustit dvojklikem oprava.reg
• Pripadny dotaz na zmenu registru potvrdte
• Okno jen problikne a opravi regsitry - soubor muzete smazat

Restart PC

A poprosim o novy log z RSIT